
KeePass SSH Key management with PuTTY Pageant and MobaXterm

KeePass SSH Windows PuTTY Pageant MobaXterm

This tutorial establishes the following workflow:
SSH keys are stored in KeePassXC. After the password-protected KeePass database is opened, the SSH keys are automatically transferred to PuTTY Pageant, and MobaXterm uses the SSH key from Pageant to authenticate via SSH.

Prerequisite

PuTTY Pageant

Install PuTTY and add PuTTY Pageant to the Windows Startup folder:

  • Create a shortcut to C:\Program Files\PuTTY\pageant.exe
  • Press Win + R to open the Run dialog
  • Enter shell:startup to open the Startup folder
  • Copy the Pageant shortcut into the Startup folder

OpenSSH Client

Open the Optional Features dialog and install OpenSSH Client. Depending on the weather, it may be necessary to reboot the system.

Alternatively, manually add the following directory to the PATH environment variable:
C:\Windows\System32\OpenSSH

Open the terminal and check if the OpenSSH Client is installed: ssh

Troubleshooting: If ssh.exe is still not found, check whether the C:\Windows\System32\OpenSSH directory exists. If it does not, uninstall OpenSSH Client, reboot and reinstall OpenSSH Client.

Create SSH Key

Create a 4096-bit RSA key:
ssh-keygen -t rsa -b 4096
Optionally define the path and file name of the key:
ssh-keygen -t rsa -b 4096 -f C:\SSH\jklug.work

KeePassXC

Add SSH Key

Download and install KeePassXC: https://keepassxc.org/download/

Create a new database and add a new entry for the SSH key.

Optional: If you defined a password for the SSH key, add the password to the KeePass entry.

Open the Advanced section and add the private SSH key as an attachment.

Open the SSH Agent section and select the private SSH key from the attachment menu.

Make sure the following options are enabled:

  • Add key to agent when database is opened
  • Remove key from the agent when database is closed

Optional: If the Add key to agent when database is opened option is not enabled, you can manually add the SSH key to PuTTY Pageant.

Settings: Open the Tools / Settings panel and make sure Enable SSH Agent integration is enabled.

Allow Screen Capture

By default, the KeePassXC window is invisible in remote sessions such as MS Teams screen sharing, AnyDesk and TeamViewer. If you need to administer KeePass in a remote session, you can temporarily allow screen capture.

Open a terminal session and run:
cd 'C:\Program Files\KeePassXC'          # Change to the KeePassXC.exe directory
.\KeePassXC.exe --allow-screencapture    # Run KeePassXC

MobaXterm

Settings: Open the Settings / Configuration / SSH panel and make sure Use external Pageant is enabled.
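
One way to verify the finished setup from a PowerShell prompt, as an added example that is not part of the original tutorial. The function name Test-SshAgentWorkflow is hypothetical, the default paths are the ones used above, and the .pub path assumes the key was created with the -f example.

```powershell
# Added example (not from the original page): checks the setup built in this tutorial.
# Default paths are the ones used on the page; adjust them if yours differ.
function Test-SshAgentWorkflow {
    param(
        [string]$PageantExe = 'C:\Program Files\PuTTY\pageant.exe',
        [string]$OpenSshDir = 'C:\Windows\System32\OpenSSH',
        [string]$PublicKey  = 'C:\SSH\jklug.work.pub'   # assumed: written next to the private key
    )

    # Resolve the targets of all shortcuts in the per-user Startup folder (shell:startup)
    $startup = [Environment]::GetFolderPath('Startup')
    $wsh     = New-Object -ComObject WScript.Shell
    $targets = @(Get-ChildItem -Path $startup -Filter '*.lnk' -ErrorAction SilentlyContinue |
        ForEach-Object { $wsh.CreateShortcut($_.FullName).TargetPath })

    # Split PATH into entries and drop trailing backslashes so the comparison is exact
    $pathDirs = @($env:Path -split ';' | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') })

    $checks = [ordered]@{
        'pageant.exe installed'       = (Test-Path -LiteralPath $PageantExe)
        'Pageant shortcut in Startup' = ($targets -contains $PageantExe)
        'Pageant process running'     = [bool](Get-Process -Name pageant -ErrorAction SilentlyContinue)
        'OpenSSH directory exists'    = (Test-Path -LiteralPath $OpenSshDir)
        'OpenSSH directory on PATH'   = ($pathDirs -contains $OpenSshDir.TrimEnd('\'))
        'ssh.exe resolves from PATH'  = [bool](Get-Command ssh.exe -ErrorAction SilentlyContinue)
    }

    # Print the public key fingerprint so it can be compared with the fingerprint
    # displayed for the key that was loaded into the agent
    if ((Test-Path -LiteralPath $PublicKey) -and
        (Get-Command ssh-keygen.exe -ErrorAction SilentlyContinue)) {
        Write-Host "Key fingerprint: $(ssh-keygen -l -f $PublicKey)"
    }

    # One result object per check
    $checks.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
    }
}

Test-SshAgentWorkflow | Format-Table -AutoSize
```

Run it once with the KeePassXC database open and once after closing it: with the "Remove key from the agent when database is closed" option enabled, the key should no longer be listed in Pageant in the second case.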